Back to home page

LXR

 
 

    


0001 /*
0002  * kexec: kexec_file_load system call
0003  *
0004  * Copyright (C) 2014 Red Hat Inc.
0005  * Authors:
0006  *      Vivek Goyal <vgoyal@redhat.com>
0007  *
0008  * This source code is licensed under the GNU General Public License,
0009  * Version 2.  See the file COPYING for more details.
0010  */
0011 
0012 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0013 
0014 #include <linux/capability.h>
0015 #include <linux/mm.h>
0016 #include <linux/file.h>
0017 #include <linux/slab.h>
0018 #include <linux/kexec.h>
0019 #include <linux/mutex.h>
0020 #include <linux/list.h>
0021 #include <linux/fs.h>
0022 #include <linux/ima.h>
0023 #include <crypto/hash.h>
0024 #include <crypto/sha.h>
0025 #include <linux/syscalls.h>
0026 #include <linux/vmalloc.h>
0027 #include "kexec_internal.h"
0028 
/*
 * Declare these symbols weak so that if architecture provides a purgatory,
 * these will be overridden.
 */
/* Zero-sized placeholder blob; arch builds link in the real purgatory. */
char __weak kexec_purgatory[0];
size_t __weak kexec_purgatory_size = 0;

/* Defined below; digests are computed once all segments are in place. */
static int kexec_calculate_store_digests(struct kimage *image);
0037 
/* Architectures can provide this probe function */
/*
 * Weak default: no image format is recognised.  An architecture that
 * supports kexec_file_load overrides this to dispatch to its loaders.
 * Returns 0 if some loader claims the buffer, -ENOEXEC otherwise.
 */
int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
                     unsigned long buf_len)
{
    return -ENOEXEC;
}
0044 
/*
 * Weak default image loader.  Arch code overrides this to parse the
 * buffers staged in @image and build the segment list; it returns an
 * opaque loader-private cookie (stored in image->image_loader_data)
 * or an ERR_PTR on failure.
 */
void * __weak arch_kexec_kernel_image_load(struct kimage *image)
{
    return ERR_PTR(-ENOEXEC);
}
0049 
/*
 * Weak default post-load cleanup hook.  Arch code overrides this to free
 * whatever its image loader allocated (typically image->image_loader_data).
 */
int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
{
    return -EINVAL;
}
0054 
#ifdef CONFIG_KEXEC_VERIFY_SIG
/*
 * Weak default signature verifier: reject everything.  With signature
 * verification configured in, an arch that does not provide a real
 * implementation must not accept unsigned images.
 */
int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
                    unsigned long buf_len)
{
    return -EKEYREJECTED;
}
#endif
0062 
/* Apply relocations of type RELA */
/*
 * Weak default: RELA relocations in the purgatory object cannot be
 * processed unless the architecture supplies an implementation.
 * @relsec is the index of the SHT_RELA section within @sechdrs.
 */
int __weak
arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
                 unsigned int relsec)
{
    pr_err("RELA relocation unsupported.\n");
    return -ENOEXEC;
}
0071 
/* Apply relocations of type REL */
/*
 * Weak default: REL relocations in the purgatory object cannot be
 * processed unless the architecture supplies an implementation.
 * @relsec is the index of the SHT_REL section within @sechdrs.
 */
int __weak
arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
                 unsigned int relsec)
{
    pr_err("REL relocation unsupported.\n");
    return -ENOEXEC;
}
0080 
0081 /*
0082  * Free up memory used by kernel, initrd, and command line. This is temporary
0083  * memory allocation which is not needed any more after these buffers have
0084  * been loaded into separate segments and have been copied elsewhere.
0085  */
0086 void kimage_file_post_load_cleanup(struct kimage *image)
0087 {
0088     struct purgatory_info *pi = &image->purgatory_info;
0089 
0090     vfree(image->kernel_buf);
0091     image->kernel_buf = NULL;
0092 
0093     vfree(image->initrd_buf);
0094     image->initrd_buf = NULL;
0095 
0096     kfree(image->cmdline_buf);
0097     image->cmdline_buf = NULL;
0098 
0099     vfree(pi->purgatory_buf);
0100     pi->purgatory_buf = NULL;
0101 
0102     vfree(pi->sechdrs);
0103     pi->sechdrs = NULL;
0104 
0105     /* See if architecture has anything to cleanup post load */
0106     arch_kimage_file_post_load_cleanup(image);
0107 
0108     /*
0109      * Above call should have called into bootloader to free up
0110      * any data stored in kimage->image_loader_data. It should
0111      * be ok now to free it up.
0112      */
0113     kfree(image->image_loader_data);
0114     image->image_loader_data = NULL;
0115 }
0116 
/*
 * In file mode list of segments is prepared by kernel. Copy relevant
 * data from user space, do error checking, prepare segment list
 */
static int
kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
                 const char __user *cmdline_ptr,
                 unsigned long cmdline_len, unsigned flags)
{
    int ret = 0;
    void *ldata;
    loff_t size;

    /* Read the kernel image into a kernel-owned buffer (freed on cleanup). */
    ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
                       &size, INT_MAX, READING_KEXEC_IMAGE);
    if (ret)
        return ret;
    image->kernel_buf_len = size;

    /* IMA needs to pass the measurement list to the next kernel. */
    ima_add_kexec_buffer(image);

    /* Call arch image probe handlers */
    ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
                        image->kernel_buf_len);
    if (ret)
        goto out;

#ifdef CONFIG_KEXEC_VERIFY_SIG
    /* With signature verification enabled, a bad signature aborts the load. */
    ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
                       image->kernel_buf_len);
    if (ret) {
        pr_debug("kernel signature verification failed.\n");
        goto out;
    }
    pr_debug("kernel signature verification successful.\n");
#endif
    /* It is possible that there no initramfs is being loaded */
    if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
        ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
                           &size, INT_MAX,
                           READING_KEXEC_INITRAMFS);
        if (ret)
            goto out;
        image->initrd_buf_len = size;
    }

    if (cmdline_len) {
        image->cmdline_buf = kzalloc(cmdline_len, GFP_KERNEL);
        if (!image->cmdline_buf) {
            ret = -ENOMEM;
            goto out;
        }

        /* copy_from_user() returns the number of bytes NOT copied. */
        ret = copy_from_user(image->cmdline_buf, cmdline_ptr,
                     cmdline_len);
        if (ret) {
            ret = -EFAULT;
            goto out;
        }

        image->cmdline_buf_len = cmdline_len;

        /* command line should be a string with last byte null */
        if (image->cmdline_buf[cmdline_len - 1] != '\0') {
            ret = -EINVAL;
            goto out;
        }
    }

    /* Call arch image load handlers */
    ldata = arch_kexec_kernel_image_load(image);

    if (IS_ERR(ldata)) {
        ret = PTR_ERR(ldata);
        goto out;
    }

    /* Opaque loader cookie; freed via arch post-load cleanup hook. */
    image->image_loader_data = ldata;
out:
    /* In case of error, free up all allocated memory in this function */
    if (ret)
        kimage_file_post_load_cleanup(image);
    return ret;
}
0202 
/*
 * Allocate a kimage and populate it from the file descriptors/cmdline
 * passed to kexec_file_load().  On success *rimage holds the new image;
 * on failure everything allocated here is unwound via the goto chain.
 */
static int
kimage_file_alloc_init(struct kimage **rimage, int kernel_fd,
               int initrd_fd, const char __user *cmdline_ptr,
               unsigned long cmdline_len, unsigned long flags)
{
    int ret;
    struct kimage *image;
    bool kexec_on_panic = flags & KEXEC_FILE_ON_CRASH;

    image = do_kimage_alloc_init();
    if (!image)
        return -ENOMEM;

    image->file_mode = 1;

    if (kexec_on_panic) {
        /* Enable special crash kernel control page alloc policy. */
        image->control_page = crashk_res.start;
        image->type = KEXEC_TYPE_CRASH;
    }

    ret = kimage_file_prepare_segments(image, kernel_fd, initrd_fd,
                       cmdline_ptr, cmdline_len, flags);
    if (ret)
        goto out_free_image;

    ret = sanity_check_segment_list(image);
    if (ret)
        goto out_free_post_load_bufs;

    /* Default error for the allocation attempts below. */
    ret = -ENOMEM;
    image->control_code_page = kimage_alloc_control_pages(image,
                       get_order(KEXEC_CONTROL_PAGE_SIZE));
    if (!image->control_code_page) {
        pr_err("Could not allocate control_code_buffer\n");
        goto out_free_post_load_bufs;
    }

    /* Crash images never swap pages, so no swap buffer is needed. */
    if (!kexec_on_panic) {
        image->swap_page = kimage_alloc_control_pages(image, 0);
        if (!image->swap_page) {
            pr_err("Could not allocate swap buffer\n");
            goto out_free_control_pages;
        }
    }

    *rimage = image;
    return 0;
out_free_control_pages:
    kimage_free_page_list(&image->control_pages);
out_free_post_load_bufs:
    kimage_file_post_load_cleanup(image);
out_free_image:
    kfree(image);
    return ret;
}
0259 
/*
 * kexec_file_load() syscall: load (or unload, with KEXEC_FILE_UNLOAD)
 * a kernel image described by file descriptors rather than user-built
 * segment lists.  Serialised against kexec_load() via kexec_mutex.
 */
SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
        unsigned long, cmdline_len, const char __user *, cmdline_ptr,
        unsigned long, flags)
{
    int ret = 0, i;
    struct kimage **dest_image, *image;

    /* We only trust the superuser with rebooting the system. */
    if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
        return -EPERM;

    /* Make sure we have a legal set of flags */
    if (flags != (flags & KEXEC_FILE_FLAGS))
        return -EINVAL;

    image = NULL;

    if (!mutex_trylock(&kexec_mutex))
        return -EBUSY;

    dest_image = &kexec_image;
    if (flags & KEXEC_FILE_ON_CRASH) {
        dest_image = &kexec_crash_image;
        /* Make the crashkernel region writable while we replace it. */
        if (kexec_crash_image)
            arch_kexec_unprotect_crashkres();
    }

    /* Unload: exchange a NULL image in and free whatever was loaded. */
    if (flags & KEXEC_FILE_UNLOAD)
        goto exchange;

    /*
     * In case of crash, new kernel gets loaded in reserved region. It is
     * same memory where old crash kernel might be loaded. Free any
     * current crash dump kernel before we corrupt it.
     */
    if (flags & KEXEC_FILE_ON_CRASH)
        kimage_free(xchg(&kexec_crash_image, NULL));

    ret = kimage_file_alloc_init(&image, kernel_fd, initrd_fd, cmdline_ptr,
                     cmdline_len, flags);
    if (ret)
        goto out;

    ret = machine_kexec_prepare(image);
    if (ret)
        goto out;

    /* Digests must be stored into purgatory before segments are copied. */
    ret = kexec_calculate_store_digests(image);
    if (ret)
        goto out;

    for (i = 0; i < image->nr_segments; i++) {
        struct kexec_segment *ksegment;

        ksegment = &image->segment[i];
        pr_debug("Loading segment %d: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n",
             i, ksegment->buf, ksegment->bufsz, ksegment->mem,
             ksegment->memsz);

        ret = kimage_load_segment(image, &image->segment[i]);
        if (ret)
            goto out;
    }

    kimage_terminate(image);

    /*
     * Free up any temporary buffers allocated which are not needed
     * after image has been loaded
     */
    kimage_file_post_load_cleanup(image);
exchange:
    /* Publish the new image; old one (or NULL) comes back for freeing. */
    image = xchg(dest_image, image);
out:
    /* Re-protect the crashkernel region if a crash image is loaded. */
    if ((flags & KEXEC_FILE_ON_CRASH) && kexec_crash_image)
        arch_kexec_protect_crashkres();

    mutex_unlock(&kexec_mutex);
    kimage_free(image);
    return ret;
}
0341 
/*
 * Search [start, end] from the top downwards for a free, suitably aligned
 * range of kbuf->memsz bytes that does not collide with already-placed
 * segments.  Returns 1 (stop walking RAM ranges) on success, 0 to keep
 * walking.  On success kbuf->mem holds the range start.
 */
static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
                    struct kexec_buf *kbuf)
{
    struct kimage *image = kbuf->image;
    unsigned long temp_start, temp_end;

    temp_end = min(end, kbuf->buf_max);
    /*
     * NOTE(review): first candidate is one byte lower than strictly
     * needed (temp_end - memsz + 1 would allow the top byte to be
     * used); harmless with page-aligned sizes but worth confirming.
     */
    temp_start = temp_end - kbuf->memsz;

    do {
        /* align down start */
        temp_start = temp_start & (~(kbuf->buf_align - 1));

        /* Fell below the RAM range or the caller's floor: give up. */
        if (temp_start < start || temp_start < kbuf->buf_min)
            return 0;

        temp_end = temp_start + kbuf->memsz - 1;

        /*
         * Make sure this does not conflict with any of existing
         * segments
         */
        if (kimage_is_destination_range(image, temp_start, temp_end)) {
            temp_start = temp_start - PAGE_SIZE;
            continue;
        }

        /* We found a suitable memory range */
        break;
    } while (1);

    /* If we are here, we found a suitable memory range */
    kbuf->mem = temp_start;

    /* Success, stop navigating through remaining System RAM ranges */
    return 1;
}
0379 
0380 static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
0381                      struct kexec_buf *kbuf)
0382 {
0383     struct kimage *image = kbuf->image;
0384     unsigned long temp_start, temp_end;
0385 
0386     temp_start = max(start, kbuf->buf_min);
0387 
0388     do {
0389         temp_start = ALIGN(temp_start, kbuf->buf_align);
0390         temp_end = temp_start + kbuf->memsz - 1;
0391 
0392         if (temp_end > end || temp_end > kbuf->buf_max)
0393             return 0;
0394         /*
0395          * Make sure this does not conflict with any of existing
0396          * segments
0397          */
0398         if (kimage_is_destination_range(image, temp_start, temp_end)) {
0399             temp_start = temp_start + PAGE_SIZE;
0400             continue;
0401         }
0402 
0403         /* We found a suitable memory range */
0404         break;
0405     } while (1);
0406 
0407     /* If we are here, we found a suitable memory range */
0408     kbuf->mem = temp_start;
0409 
0410     /* Success, stop navigating through remaining System RAM ranges */
0411     return 1;
0412 }
0413 
0414 static int locate_mem_hole_callback(u64 start, u64 end, void *arg)
0415 {
0416     struct kexec_buf *kbuf = (struct kexec_buf *)arg;
0417     unsigned long sz = end - start + 1;
0418 
0419     /* Returning 0 will take to next memory range */
0420     if (sz < kbuf->memsz)
0421         return 0;
0422 
0423     if (end < kbuf->buf_min || start > kbuf->buf_max)
0424         return 0;
0425 
0426     /*
0427      * Allocate memory top down with-in ram range. Otherwise bottom up
0428      * allocation.
0429      */
0430     if (kbuf->top_down)
0431         return locate_mem_hole_top_down(start, end, kbuf);
0432     return locate_mem_hole_bottom_up(start, end, kbuf);
0433 }
0434 
0435 /**
0436  * arch_kexec_walk_mem - call func(data) on free memory regions
0437  * @kbuf:   Context info for the search. Also passed to @func.
0438  * @func:   Function to call for each memory region.
0439  *
0440  * Return: The memory walk will stop when func returns a non-zero value
0441  * and that value will be returned. If all free regions are visited without
0442  * func returning non-zero, then zero will be returned.
0443  */
0444 int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
0445                    int (*func)(u64, u64, void *))
0446 {
0447     if (kbuf->image->type == KEXEC_TYPE_CRASH)
0448         return walk_iomem_res_desc(crashk_res.desc,
0449                        IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY,
0450                        crashk_res.start, crashk_res.end,
0451                        kbuf, func);
0452     else
0453         return walk_system_ram_res(0, ULONG_MAX, kbuf, func);
0454 }
0455 
0456 /**
0457  * kexec_locate_mem_hole - find free memory for the purgatory or the next kernel
0458  * @kbuf:   Parameters for the memory search.
0459  *
0460  * On success, kbuf->mem will have the start address of the memory region found.
0461  *
0462  * Return: 0 on success, negative errno on error.
0463  */
0464 int kexec_locate_mem_hole(struct kexec_buf *kbuf)
0465 {
0466     int ret;
0467 
0468     ret = arch_kexec_walk_mem(kbuf, locate_mem_hole_callback);
0469 
0470     return ret == 1 ? 0 : -EADDRNOTAVAIL;
0471 }
0472 
/**
 * kexec_add_buffer - place a buffer in a kexec segment
 * @kbuf:   Buffer contents and memory parameters.
 *
 * This function assumes that kexec_mutex is held.
 * On successful return, @kbuf->mem will have the physical address of
 * the buffer in memory.
 *
 * Return: 0 on success, negative errno on error.
 */
int kexec_add_buffer(struct kexec_buf *kbuf)
{

    struct kexec_segment *ksegment;
    int ret;

    /* Currently adding segment this way is allowed only in file mode */
    if (!kbuf->image->file_mode)
        return -EINVAL;

    /* Segment array is fixed-size; refuse once it is full. */
    if (kbuf->image->nr_segments >= KEXEC_SEGMENT_MAX)
        return -EINVAL;

    /*
     * Make sure we are not trying to add buffer after allocating
     * control pages. All segments need to be placed first before
     * any control pages are allocated. As control page allocation
     * logic goes through list of segments to make sure there are
     * no destination overlaps.
     */
    if (!list_empty(&kbuf->image->control_pages)) {
        WARN_ON(1);
        return -EINVAL;
    }

    /* Ensure minimum alignment needed for segments. */
    kbuf->memsz = ALIGN(kbuf->memsz, PAGE_SIZE);
    kbuf->buf_align = max(kbuf->buf_align, PAGE_SIZE);

    /* Walk the RAM ranges and allocate a suitable range for the buffer */
    ret = kexec_locate_mem_hole(kbuf);
    if (ret)
        return ret;

    /* Found a suitable memory range */
    ksegment = &kbuf->image->segment[kbuf->image->nr_segments];
    ksegment->kbuf = kbuf->buffer;
    ksegment->bufsz = kbuf->bufsz;
    ksegment->mem = kbuf->mem;
    ksegment->memsz = kbuf->memsz;
    kbuf->image->nr_segments++;
    return 0;
}
0526 
0527 /* Calculate and store the digest of segments */
0528 static int kexec_calculate_store_digests(struct kimage *image)
0529 {
0530     struct crypto_shash *tfm;
0531     struct shash_desc *desc;
0532     int ret = 0, i, j, zero_buf_sz, sha_region_sz;
0533     size_t desc_size, nullsz;
0534     char *digest;
0535     void *zero_buf;
0536     struct kexec_sha_region *sha_regions;
0537     struct purgatory_info *pi = &image->purgatory_info;
0538 
0539     zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
0540     zero_buf_sz = PAGE_SIZE;
0541 
0542     tfm = crypto_alloc_shash("sha256", 0, 0);
0543     if (IS_ERR(tfm)) {
0544         ret = PTR_ERR(tfm);
0545         goto out;
0546     }
0547 
0548     desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
0549     desc = kzalloc(desc_size, GFP_KERNEL);
0550     if (!desc) {
0551         ret = -ENOMEM;
0552         goto out_free_tfm;
0553     }
0554 
0555     sha_region_sz = KEXEC_SEGMENT_MAX * sizeof(struct kexec_sha_region);
0556     sha_regions = vzalloc(sha_region_sz);
0557     if (!sha_regions)
0558         goto out_free_desc;
0559 
0560     desc->tfm   = tfm;
0561     desc->flags = 0;
0562 
0563     ret = crypto_shash_init(desc);
0564     if (ret < 0)
0565         goto out_free_sha_regions;
0566 
0567     digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
0568     if (!digest) {
0569         ret = -ENOMEM;
0570         goto out_free_sha_regions;
0571     }
0572 
0573     for (j = i = 0; i < image->nr_segments; i++) {
0574         struct kexec_segment *ksegment;
0575 
0576         ksegment = &image->segment[i];
0577         /*
0578          * Skip purgatory as it will be modified once we put digest
0579          * info in purgatory.
0580          */
0581         if (ksegment->kbuf == pi->purgatory_buf)
0582             continue;
0583 
0584         ret = crypto_shash_update(desc, ksegment->kbuf,
0585                       ksegment->bufsz);
0586         if (ret)
0587             break;
0588 
0589         /*
0590          * Assume rest of the buffer is filled with zero and
0591          * update digest accordingly.
0592          */
0593         nullsz = ksegment->memsz - ksegment->bufsz;
0594         while (nullsz) {
0595             unsigned long bytes = nullsz;
0596 
0597             if (bytes > zero_buf_sz)
0598                 bytes = zero_buf_sz;
0599             ret = crypto_shash_update(desc, zero_buf, bytes);
0600             if (ret)
0601                 break;
0602             nullsz -= bytes;
0603         }
0604 
0605         if (ret)
0606             break;
0607 
0608         sha_regions[j].start = ksegment->mem;
0609         sha_regions[j].len = ksegment->memsz;
0610         j++;
0611     }
0612 
0613     if (!ret) {
0614         ret = crypto_shash_final(desc, digest);
0615         if (ret)
0616             goto out_free_digest;
0617         ret = kexec_purgatory_get_set_symbol(image, "sha_regions",
0618                         sha_regions, sha_region_sz, 0);
0619         if (ret)
0620             goto out_free_digest;
0621 
0622         ret = kexec_purgatory_get_set_symbol(image, "sha256_digest",
0623                         digest, SHA256_DIGEST_SIZE, 0);
0624         if (ret)
0625             goto out_free_digest;
0626     }
0627 
0628 out_free_digest:
0629     kfree(digest);
0630 out_free_sha_regions:
0631     vfree(sha_regions);
0632 out_free_desc:
0633     kfree(desc);
0634 out_free_tfm:
0635     kfree(tfm);
0636 out:
0637     return ret;
0638 }
0639 
/* Actually load purgatory. Lot of code taken from kexec-tools */
/*
 * Lay out the purgatory relocatable ELF object: size its SHF_ALLOC
 * sections (progbits + bss), reserve a destination range within
 * [min, max], copy the progbits sections into a temporary buffer and
 * record, per section, both the staging address (->sh_offset) and the
 * final runtime address (->sh_addr).  Relocations are applied later by
 * kexec_apply_relocations() using this bookkeeping.
 */
static int __kexec_load_purgatory(struct kimage *image, unsigned long min,
                  unsigned long max, int top_down)
{
    struct purgatory_info *pi = &image->purgatory_info;
    unsigned long align, bss_align, bss_sz, bss_pad;
    unsigned long entry, load_addr, curr_load_addr, bss_addr, offset;
    unsigned char *buf_addr, *src;
    int i, ret = 0, entry_sidx = -1;
    const Elf_Shdr *sechdrs_c;
    Elf_Shdr *sechdrs = NULL;
    struct kexec_buf kbuf = { .image = image, .bufsz = 0, .buf_align = 1,
                  .buf_min = min, .buf_max = max,
                  .top_down = top_down };

    /*
     * sechdrs_c points to section headers in purgatory and are read
     * only. No modifications allowed.
     */
    sechdrs_c = (void *)pi->ehdr + pi->ehdr->e_shoff;

    /*
     * We can not modify sechdrs_c[] and its fields. It is read only.
     * Copy it over to a local copy where one can store some temporary
     * data and free it at the end. We need to modify ->sh_addr and
     * ->sh_offset fields to keep track of permanent and temporary
     * locations of sections.
     */
    sechdrs = vzalloc(pi->ehdr->e_shnum * sizeof(Elf_Shdr));
    if (!sechdrs)
        return -ENOMEM;

    memcpy(sechdrs, sechdrs_c, pi->ehdr->e_shnum * sizeof(Elf_Shdr));

    /*
     * We seem to have multiple copies of sections. First copy is which
     * is embedded in kernel in read only section. Some of these sections
     * will be copied to a temporary buffer and relocated. And these
     * sections will finally be copied to their final destination at
     * segment load time.
     *
     * Use ->sh_offset to reflect section address in memory. It will
     * point to original read only copy if section is not allocatable.
     * Otherwise it will point to temporary copy which will be relocated.
     *
     * Use ->sh_addr to contain final address of the section where it
     * will go during execution time.
     */
    for (i = 0; i < pi->ehdr->e_shnum; i++) {
        /* NOBITS (bss) sections have no file data to point at. */
        if (sechdrs[i].sh_type == SHT_NOBITS)
            continue;

        sechdrs[i].sh_offset = (unsigned long)pi->ehdr +
                        sechdrs[i].sh_offset;
    }

    /*
     * Identify entry point section and make entry relative to section
     * start.
     */
    entry = pi->ehdr->e_entry;
    for (i = 0; i < pi->ehdr->e_shnum; i++) {
        if (!(sechdrs[i].sh_flags & SHF_ALLOC))
            continue;

        if (!(sechdrs[i].sh_flags & SHF_EXECINSTR))
            continue;

        /* Make entry section relative */
        if (sechdrs[i].sh_addr <= pi->ehdr->e_entry &&
            ((sechdrs[i].sh_addr + sechdrs[i].sh_size) >
             pi->ehdr->e_entry)) {
            entry_sidx = i;
            entry -= sechdrs[i].sh_addr;
            break;
        }
    }

    /* Determine how much memory is needed to load relocatable object. */
    bss_align = 1;
    bss_sz = 0;

    for (i = 0; i < pi->ehdr->e_shnum; i++) {
        if (!(sechdrs[i].sh_flags & SHF_ALLOC))
            continue;

        align = sechdrs[i].sh_addralign;
        if (sechdrs[i].sh_type != SHT_NOBITS) {
            /* Progbits sections contribute to the copied buffer. */
            if (kbuf.buf_align < align)
                kbuf.buf_align = align;
            kbuf.bufsz = ALIGN(kbuf.bufsz, align);
            kbuf.bufsz += sechdrs[i].sh_size;
        } else {
            /* bss section */
            if (bss_align < align)
                bss_align = align;
            bss_sz = ALIGN(bss_sz, align);
            bss_sz += sechdrs[i].sh_size;
        }
    }

    /* Determine the bss padding required to align bss properly */
    bss_pad = 0;
    if (kbuf.bufsz & (bss_align - 1))
        bss_pad = bss_align - (kbuf.bufsz & (bss_align - 1));

    /* memsz covers bss too; only bufsz bytes are actually copied. */
    kbuf.memsz = kbuf.bufsz + bss_pad + bss_sz;

    /* Allocate buffer for purgatory */
    kbuf.buffer = vzalloc(kbuf.bufsz);
    if (!kbuf.buffer) {
        ret = -ENOMEM;
        goto out;
    }

    if (kbuf.buf_align < bss_align)
        kbuf.buf_align = bss_align;

    /* Add buffer to segment list */
    ret = kexec_add_buffer(&kbuf);
    if (ret)
        goto out;
    pi->purgatory_load_addr = kbuf.mem;

    /* Load SHF_ALLOC sections */
    buf_addr = kbuf.buffer;
    load_addr = curr_load_addr = pi->purgatory_load_addr;
    bss_addr = load_addr + kbuf.bufsz + bss_pad;

    for (i = 0; i < pi->ehdr->e_shnum; i++) {
        if (!(sechdrs[i].sh_flags & SHF_ALLOC))
            continue;

        align = sechdrs[i].sh_addralign;
        if (sechdrs[i].sh_type != SHT_NOBITS) {
            curr_load_addr = ALIGN(curr_load_addr, align);
            offset = curr_load_addr - load_addr;
            /* We already modifed ->sh_offset to keep src addr */
            src = (char *) sechdrs[i].sh_offset;
            memcpy(buf_addr + offset, src, sechdrs[i].sh_size);

            /* Store load address and source address of section */
            sechdrs[i].sh_addr = curr_load_addr;

            /*
             * This section got copied to temporary buffer. Update
             * ->sh_offset accordingly.
             */
            sechdrs[i].sh_offset = (unsigned long)(buf_addr + offset);

            /* Advance to the next address */
            curr_load_addr += sechdrs[i].sh_size;
        } else {
            /* bss gets only a runtime address; nothing is copied. */
            bss_addr = ALIGN(bss_addr, align);
            sechdrs[i].sh_addr = bss_addr;
            bss_addr += sechdrs[i].sh_size;
        }
    }

    /* Update entry point based on load address of text section */
    if (entry_sidx >= 0)
        entry += sechdrs[entry_sidx].sh_addr;

    /* Make kernel jump to purgatory after shutdown */
    image->start = entry;

    /* Used later to get/set symbol values */
    pi->sechdrs = sechdrs;

    /*
     * Used later to identify which section is purgatory and skip it
     * from checksumming.
     */
    pi->purgatory_buf = kbuf.buffer;
    return ret;
out:
    /* On failure nothing was handed off to pi; free both local buffers. */
    vfree(sechdrs);
    vfree(kbuf.buffer);
    return ret;
}
0820 
/*
 * Walk purgatory's section headers and apply every SHT_REL/SHT_RELA
 * section to its target section via the arch helpers.  Section indices
 * are validated before use since the object comes from the kernel's own
 * embedded purgatory but is still parsed defensively.
 */
static int kexec_apply_relocations(struct kimage *image)
{
    int i, ret;
    struct purgatory_info *pi = &image->purgatory_info;
    Elf_Shdr *sechdrs = pi->sechdrs;

    /* Apply relocations */
    for (i = 0; i < pi->ehdr->e_shnum; i++) {
        Elf_Shdr *section, *symtab;

        if (sechdrs[i].sh_type != SHT_RELA &&
            sechdrs[i].sh_type != SHT_REL)
            continue;

        /*
         * For section of type SHT_RELA/SHT_REL,
         * ->sh_link contains section header index of associated
         * symbol table. And ->sh_info contains section header
         * index of section to which relocations apply.
         */
        if (sechdrs[i].sh_info >= pi->ehdr->e_shnum ||
            sechdrs[i].sh_link >= pi->ehdr->e_shnum)
            return -ENOEXEC;

        section = &sechdrs[sechdrs[i].sh_info];
        symtab = &sechdrs[sechdrs[i].sh_link];

        /* Relocations for sections that are not loaded can be skipped. */
        if (!(section->sh_flags & SHF_ALLOC))
            continue;

        /*
         * symtab->sh_link contain section header index of associated
         * string table.
         */
        if (symtab->sh_link >= pi->ehdr->e_shnum)
            /* Invalid section number? */
            continue;

        /*
         * Respective architecture needs to provide support for applying
         * relocations of type SHT_RELA/SHT_REL.
         */
        if (sechdrs[i].sh_type == SHT_RELA)
            ret = arch_kexec_apply_relocations_add(pi->ehdr,
                                   sechdrs, i);
        else if (sechdrs[i].sh_type == SHT_REL)
            ret = arch_kexec_apply_relocations(pi->ehdr,
                               sechdrs, i);
        /* ret is always set here: one of the two branches above ran. */
        if (ret)
            return ret;
    }

    return 0;
}
0875 
/* Load relocatable purgatory object and relocate it appropriately */
/*
 * Validate the embedded purgatory ELF object, place it within
 * [min, max], apply relocations and report its load address via
 * @load_addr.  On relocation failure the buffers handed off by
 * __kexec_load_purgatory() are torn down again.
 */
int kexec_load_purgatory(struct kimage *image, unsigned long min,
             unsigned long max, int top_down,
             unsigned long *load_addr)
{
    struct purgatory_info *pi = &image->purgatory_info;
    int ret;

    /* No purgatory linked in (weak zero-size symbol was not overridden). */
    if (kexec_purgatory_size <= 0)
        return -EINVAL;

    if (kexec_purgatory_size < sizeof(Elf_Ehdr))
        return -ENOEXEC;

    pi->ehdr = (Elf_Ehdr *)kexec_purgatory;

    /* Must be a relocatable ELF object for this architecture. */
    if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0
        || pi->ehdr->e_type != ET_REL
        || !elf_check_arch(pi->ehdr)
        || pi->ehdr->e_shentsize != sizeof(Elf_Shdr))
        return -ENOEXEC;

    /* Section header table must lie entirely inside the blob. */
    if (pi->ehdr->e_shoff >= kexec_purgatory_size
        || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) >
        kexec_purgatory_size - pi->ehdr->e_shoff))
        return -ENOEXEC;

    ret = __kexec_load_purgatory(image, min, max, top_down);
    if (ret)
        return ret;

    ret = kexec_apply_relocations(image);
    if (ret)
        goto out;

    *load_addr = pi->purgatory_load_addr;
    return 0;
out:
    /* Undo what __kexec_load_purgatory() handed off to pi. */
    vfree(pi->sechdrs);
    pi->sechdrs = NULL;

    vfree(pi->purgatory_buf);
    pi->purgatory_buf = NULL;
    return ret;
}
0921 
0922 static Elf_Sym *kexec_purgatory_find_symbol(struct purgatory_info *pi,
0923                         const char *name)
0924 {
0925     Elf_Sym *syms;
0926     Elf_Shdr *sechdrs;
0927     Elf_Ehdr *ehdr;
0928     int i, k;
0929     const char *strtab;
0930 
0931     if (!pi->sechdrs || !pi->ehdr)
0932         return NULL;
0933 
0934     sechdrs = pi->sechdrs;
0935     ehdr = pi->ehdr;
0936 
0937     for (i = 0; i < ehdr->e_shnum; i++) {
0938         if (sechdrs[i].sh_type != SHT_SYMTAB)
0939             continue;
0940 
0941         if (sechdrs[i].sh_link >= ehdr->e_shnum)
0942             /* Invalid strtab section number */
0943             continue;
0944         strtab = (char *)sechdrs[sechdrs[i].sh_link].sh_offset;
0945         syms = (Elf_Sym *)sechdrs[i].sh_offset;
0946 
0947         /* Go through symbols for a match */
0948         for (k = 0; k < sechdrs[i].sh_size/sizeof(Elf_Sym); k++) {
0949             if (ELF_ST_BIND(syms[k].st_info) != STB_GLOBAL)
0950                 continue;
0951 
0952             if (strcmp(strtab + syms[k].st_name, name) != 0)
0953                 continue;
0954 
0955             if (syms[k].st_shndx == SHN_UNDEF ||
0956                 syms[k].st_shndx >= ehdr->e_shnum) {
0957                 pr_debug("Symbol: %s has bad section index %d.\n",
0958                         name, syms[k].st_shndx);
0959                 return NULL;
0960             }
0961 
0962             /* Found the symbol we are looking for */
0963             return &syms[k];
0964         }
0965     }
0966 
0967     return NULL;
0968 }
0969 
0970 void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name)
0971 {
0972     struct purgatory_info *pi = &image->purgatory_info;
0973     Elf_Sym *sym;
0974     Elf_Shdr *sechdr;
0975 
0976     sym = kexec_purgatory_find_symbol(pi, name);
0977     if (!sym)
0978         return ERR_PTR(-EINVAL);
0979 
0980     sechdr = &pi->sechdrs[sym->st_shndx];
0981 
0982     /*
0983      * Returns the address where symbol will finally be loaded after
0984      * kexec_load_segment()
0985      */
0986     return (void *)(sechdr->sh_addr + sym->st_value);
0987 }
0988 
0989 /*
0990  * Get or set value of a symbol. If "get_value" is true, symbol value is
0991  * returned in buf otherwise symbol value is set based on value in buf.
0992  */
0993 int kexec_purgatory_get_set_symbol(struct kimage *image, const char *name,
0994                    void *buf, unsigned int size, bool get_value)
0995 {
0996     Elf_Sym *sym;
0997     Elf_Shdr *sechdrs;
0998     struct purgatory_info *pi = &image->purgatory_info;
0999     char *sym_buf;
1000 
1001     sym = kexec_purgatory_find_symbol(pi, name);
1002     if (!sym)
1003         return -EINVAL;
1004 
1005     if (sym->st_size != size) {
1006         pr_err("symbol %s size mismatch: expected %lu actual %u\n",
1007                name, (unsigned long)sym->st_size, size);
1008         return -EINVAL;
1009     }
1010 
1011     sechdrs = pi->sechdrs;
1012 
1013     if (sechdrs[sym->st_shndx].sh_type == SHT_NOBITS) {
1014         pr_err("symbol %s is in a bss section. Cannot %s\n", name,
1015                get_value ? "get" : "set");
1016         return -EINVAL;
1017     }
1018 
1019     sym_buf = (unsigned char *)sechdrs[sym->st_shndx].sh_offset +
1020                     sym->st_value;
1021 
1022     if (get_value)
1023         memcpy((void *)buf, sym_buf, size);
1024     else
1025         memcpy((void *)sym_buf, buf, size);
1026 
1027     return 0;
1028 }